The complexity of public key systems has made their ease of use and deployment a challenge. Getting the underlying cryptography right is only half the battle. Users must be educated with respect to how the systems should be used for maximum effectiveness. Certificates must be distributed securely and revoked when necessary. These systems require considerable storage, bandwidth, and computational ability. Their privacy implications depend on how they are implemented and used. The scope of the PKI (as with any authentication system) will be one determinant of how grave the attendant privacy risks are. At one end of the spectrum is a PKI designed to operate in a limited context (for example, in a single organization or for a single function), and at the other end are PKIs that attempt to provide service to a very large population for a broad set of purposes.